* [gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/
@ 2020-08-22 13:41 Thomas Deutschmann
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Deutschmann @ 2020-08-22 13:41 UTC (permalink / raw
To: gentoo-commits
commit: 4b99c0e37947f6be1cdb6ff897477e590a0480a9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 22 12:19:49 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 13:41:31 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b99c0e3
net-dns/dnsviz: replace libnacl with py-cryptography
This will also add Ed448 support.
Package-Manager: Portage-3.0.3, Repoman-3.0.0
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild | 48 ++++++
.../files/dnsviz-0.8.2-add-ed448-support.patch | 182 +++++++++++++++++++++
2 files changed, 230 insertions(+)
diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
new file mode 100644
index 00000000000..cffca2ff2de
--- /dev/null
+++ b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+inherit distutils-r1 eutils
+
+DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
+HOMEPAGE="https://dnsviz.net/"
+SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+ dev-python/dnspython[${PYTHON_USEDEP}]
+ >=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
+ >=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]
+ dev-python/setuptools[${PYTHON_USEDEP}]"
+
+RDEPEND="
+ ${DEPEND}"
+
+PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
+
+python_prepare_all() {
+ # Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
+ sed -i "s*share/doc/dnsviz*share/doc/dnsviz-${PV}*g" "${S}"/setup.py || die
+
+ distutils-r1_python_prepare_all
+}
+
+pkg_postinst() {
+ elog "Support for extra feature can be get from:"
+ optfeature "Support for pre-deployment testing" net-dns/bind
+
+ # Warn about extra requirements for >=OpenSSL 1.1.0
+ if has_version '=dev-libs/openssl-1.1*'; then
+ echo
+ ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
+ ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
+ ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
+ ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
+ fi
+}
diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
new file mode 100644
index 00000000000..1d4d88e97e6
--- /dev/null
+++ b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
@@ -0,0 +1,182 @@
+From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
+From: Pascal Ernster <git@hardfalcon.net>
+Date: Mon, 22 Jul 2019 04:25:18 +0200
+Subject: [PATCH] Replace libnacl with python-cryptography, add support for
+ algo 16 (Ed448)
+
+Origin: https://github.com/dnsviz/dnsviz/pull/54
+
+---
+ Dockerfile | 2 +-
+ README.md | 8 ++++----
+ contrib/dnsviz-py2.spec | 2 +-
+ contrib/dnsviz-py3.spec | 2 +-
+ dnsviz/crypto.py | 30 +++++++++++++++++++++++++-----
+ requirements.txt | 2 +-
+ setup.py | 2 +-
+ 7 files changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/Dockerfile b/Dockerfile
+index dc6a0d9e..61a319de 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -2,7 +2,7 @@ FROM alpine:edge
+
+ RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
+ RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
+- pip3 install pygraphviz m2crypto dnspython libnacl && \
++ pip3 install pygraphviz m2crypto dnspython cryptography && \
+ apk del builddeps
+
+ COPY . /tmp/dnsviz
+diff --git a/README.md b/README.md
+index e9dcda83..03d9c3dd 100644
+--- a/README.md
++++ b/README.md
+@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
+
+ * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
+
+-* libnacl - https://github.com/saltstack/libnacl
++* Cryptography (2.6 or later) - https://cryptography.io/
+
+ Note that the software versions listed above are known to work with the current
+ version of DNSViz. Other versions might also work well together, but might
+@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
+ ```
+ (Note that this installs the dependencies that are python packages, but some of
+ these packages have non-python dependecies, such as Graphviz (required for
+-pygraphviz) and libsodium (required for libnacl), that are not installed
++pygraphviz) and OpenSSL (required for Cryptography), that are not installed
+ automatically.)
+
+ Next download and install DNSViz from the Python Package Index (PyPI):
+@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
+ $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
+ ```
+
+-Install dnspython, pygraphviz, M2Crypto, and libnacl.
++Install dnspython, pygraphviz, M2Crypto, and Cryptography.
+ ```
+-$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
++$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
+ ```
+ For python2:
+ ```
+diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
+index 0bea597b..65033c95 100644
+--- a/contrib/dnsviz-py2.spec
++++ b/contrib/dnsviz-py2.spec
+@@ -15,7 +15,7 @@ BuildRequires: make
+ Requires: python2-pygraphviz >= 1.3
+ Requires: m2crypto >= 0.28.0
+ Requires: python2-dns >= 1.13
+-Requires: python2-libnacl
++Requires: python2-cryptography
+
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
+index ef25f4b5..975f3e10 100644
+--- a/contrib/dnsviz-py3.spec
++++ b/contrib/dnsviz-py3.spec
+@@ -15,7 +15,7 @@ BuildRequires: make
+ Requires: python3-pygraphviz >= 1.3
+ Requires: python3-m2crypto >= 0.28.0
+ Requires: python3-dns >= 1.13
+-Requires: python3-libnacl
++Requires: python3-cryptography
+
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
+index b011cbf3..283eac4d 100644
+--- a/dnsviz/crypto.py
++++ b/dnsviz/crypto.py
+@@ -55,7 +55,7 @@
+ 'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
+ 'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
+ 'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
+- 'libnacl': (set([15]), set(), set()),
++ 'cryptography': (set([15,16]), set(), set()),
+ }
+ _logged_modules = set()
+
+@@ -72,12 +72,19 @@
+ _supported_digest_algs.update(set([1,2,4]))
+
+ try:
+- from libnacl.sign import Verifier as ed25519Verifier
++ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+ except ImportError:
+ pass
+ else:
+ _supported_algs.add(15)
+
++try:
++ from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
++except ImportError:
++ pass
++else:
++ _supported_algs.add(16)
++
+ GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
+ GOST_ENGINE_NAME = b'gost'
+ GOST_DIGEST_NAME = b'GOST R 34.11-94'
+@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
+
+ def _validate_rrsig_ed25519(alg, sig, msg, key):
+ try:
+- verifier = ed25519Verifier(binascii.hexlify(key))
+- return verifier.verify(sig + msg) == msg
+- except ValueError:
++ verifier = Ed25519PublicKey.from_public_bytes(key)
++ verifier.verify(sig, msg)
++ except:
+ return False
++ else:
++ return True
++
++def _validate_rrsig_ed448(alg, sig, msg, key):
++ try:
++ verifier = Ed448PublicKey.from_public_bytes(key)
++ verifier.verify(sig, msg)
++ except:
++ return False
++ else:
++ return True
+
+ def validate_rrsig(alg, sig, msg, key):
+ if not alg_is_supported(alg):
+@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
+ return _validate_rrsig_ec(alg, sig, msg, key)
+ elif alg in (15,):
+ return _validate_rrsig_ed25519(alg, sig, msg, key)
++ elif alg in (16,):
++ return _validate_rrsig_ed448(alg, sig, msg, key)
+
+ def get_digest_for_nsec3(val, salt, alg, iterations):
+ if not nsec3_alg_is_supported(alg):
+diff --git a/requirements.txt b/requirements.txt
+index d6b2de5e..af2be235 100644
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -1,4 +1,4 @@
+ dnspython
+ pygraphviz
+ m2crypto
+-libnacl
++cryptography
+diff --git a/setup.py b/setup.py
+index ba1016e3..b531c025 100644
+--- a/setup.py
++++ b/setup.py
+@@ -135,7 +135,7 @@ def run(self):
+ 'pygraphviz (>=1.1)',
+ 'm2crypto (>=0.24.0)',
+ 'dnspython (>=1.11)',
+- 'libnacl',
++ 'cryptography (>=2.6)',
+ ],
+ classifiers=[
+ 'Development Status :: 5 - Production/Stable',
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/
@ 2022-07-02 15:14 David Seifert
0 siblings, 0 replies; 2+ messages in thread
From: David Seifert @ 2022-07-02 15:14 UTC (permalink / raw
To: gentoo-commits
commit: b75315181abeabf4bae2e6724d748702854dfa9d
Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
AuthorDate: Sat Jul 2 15:13:55 2022 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Jul 2 15:13:55 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7531518
net-dns/dnsviz: drop 0.8.2-r1, 0.9.2, 0.9.3
Closes: https://github.com/gentoo/gentoo/pull/26202
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Signed-off-by: David Seifert <soap <AT> gentoo.org>
net-dns/dnsviz/Manifest | 3 -
net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild | 61 -------
net-dns/dnsviz/dnsviz-0.9.2.ebuild | 52 ------
net-dns/dnsviz/dnsviz-0.9.3.ebuild | 52 ------
.../files/dnsviz-0.8.2-add-ed448-support.patch | 182 ---------------------
5 files changed, 350 deletions(-)
diff --git a/net-dns/dnsviz/Manifest b/net-dns/dnsviz/Manifest
index 297267a16d5e..ed5d40952fa9 100644
--- a/net-dns/dnsviz/Manifest
+++ b/net-dns/dnsviz/Manifest
@@ -1,4 +1 @@
-DIST dnsviz-0.8.2.tar.gz 404265 BLAKE2B c4ba6b5a7d6fee7c8e2cba0c90f29560152dd4beed1ef4d80a6a3bf9f81646ee8f0d61c38329233e300f2b434cb5d9e9d2a926dc72997ae68ff0a57e147bafcf SHA512 5414d9bda6c0bf5fdc5a84a09cb5833619110702749b12f87d63f5149de473f4bd1b6960c506c60ec5fc5ff82d789536cee70a299ff13c960a45776de2916c80
-DIST dnsviz-0.9.2.tar.gz 477947 BLAKE2B 62b94e6b05d1129d5c4655ff1faf8adb3c2eec868db6049e09dd180cebccab94412eee25293d83ec3e6bc5b18fae33ba0acfe3c3b30cececdd4952005879eab0 SHA512 8ad9e1aabb4704ff4939617532c32e5edde0d369efd2e4a7a6f30d33b8bac941b2d1073e98fed90e2a11438a0b1c18b8fafe07f4122fb888ebdb24bd2426abf6
-DIST dnsviz-0.9.3.tar.gz 477931 BLAKE2B e3e020fdddacdf06a4e7b78edade72136d6530dac5b243b30e97f609c9fb3b912fb6d6c00b8c54e17f1d2ba411a2b116f9cb89bfc51c01f43d8a1a03a00755aa SHA512 8ccaa29df6cc7824db7153950d5cb423d1ac7a76ae20a15b35c2e66d362b3340e23a9973f71b884ea7e7b861e2bb0051e32abc3e45795792a7db3b01b62449c5
DIST dnsviz-0.9.4.tar.gz 477971 BLAKE2B 3c8bebcea89bc6e78247c45c4266f73be4f9f618bfaa48a47460a43deb4789fe71eaa77eb4ff59c2d8e863cdfdddaf5908279aad93ffd63fdbe16d0966aa943b SHA512 b88d0ddff6279078a5222b4250a404c39db6d896d57bba51c878c8b8d01582deda2fe67b5f6370d7a98389e09ad46bdf3903d77fee91c0291b14a9109f1739e3
diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
deleted file mode 100644
index e3feb492a94d..000000000000
--- a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND="
- dev-python/dnspython[${PYTHON_USEDEP}]
- >=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
- >=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="
- ${DEPEND}"
-
-PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
-
-python_prepare_all() {
- # Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
- sed -i \
- -e "s|share/doc/dnsviz|share/doc/${PF}|g" \
- "${S}"/setup.py \
- || die
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- distutils_install_for_testing
-
- "${EPYTHON}" tests/offline_tests.py -v || die
-
- # No need to pull in net-dns/bind for this small test
- if hash named-checkconf &>/dev/null ; then
- "${EPYTHON}" tests/local_probe_tests.py -v || die
- else
- einfo "Skipping local_probe_tests -- named-checkconf not found!"
- fi
-}
-
-pkg_postinst() {
- optfeature "Support for pre-deployment testing" net-dns/bind
-
- # Warn about extra requirements for >=OpenSSL 1.1.0
- if has_version '=dev-libs/openssl-1.1*'; then
- ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
- ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
- ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
- ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
- fi
-}
diff --git a/net-dns/dnsviz/dnsviz-0.9.2.ebuild b/net-dns/dnsviz/dnsviz-0.9.2.ebuild
deleted file mode 100644
index d1f444d39db4..000000000000
--- a/net-dns/dnsviz/dnsviz-0.9.2.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="test? ( net-dns/bind )"
-
-DEPEND=">=dev-python/dnspython-1.13[${PYTHON_USEDEP}]
- >=dev-python/m2crypto-0.37.0[${PYTHON_USEDEP}]
- >=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="${DEPEND}"
-
-python_prepare_all() {
- # Fix the ebuild to use correct FHS/Gentoo policy paths
- sed -i \
- -e "s|share/doc/dnsviz|share/doc/${PF}|g" \
- "${S}"/setup.py \
- || die
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- distutils_install_for_testing
-
- "${EPYTHON}" tests/dnsviz_probe_run_offline.py -v || die
- "${EPYTHON}" tests/dnsviz_print_options.py -v || die
- "${EPYTHON}" tests/dnsviz_print_run.py -v || die
- "${EPYTHON}" tests/dnsviz_graph_options.py -v || die
- "${EPYTHON}" tests/dnsviz_graph_run.py -v || die
- "${EPYTHON}" tests/dnsviz_grok_options.py -v || die
- "${EPYTHON}" tests/dnsviz_grok_run.py -v || die
-}
-
-pkg_postinst() {
- optfeature "Support for pre-deployment testing" net-dns/bind
- optfeature "Support for DNSSEC signatures using GOST algorithm or digest" dev-libs/ghost-engine
-}
diff --git a/net-dns/dnsviz/dnsviz-0.9.3.ebuild b/net-dns/dnsviz/dnsviz-0.9.3.ebuild
deleted file mode 100644
index d1f444d39db4..000000000000
--- a/net-dns/dnsviz/dnsviz-0.9.3.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-inherit distutils-r1 optfeature
-
-DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
-HOMEPAGE="https://dnsviz.net/"
-SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="test? ( net-dns/bind )"
-
-DEPEND=">=dev-python/dnspython-1.13[${PYTHON_USEDEP}]
- >=dev-python/m2crypto-0.37.0[${PYTHON_USEDEP}]
- >=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
-
-RDEPEND="${DEPEND}"
-
-python_prepare_all() {
- # Fix the ebuild to use correct FHS/Gentoo policy paths
- sed -i \
- -e "s|share/doc/dnsviz|share/doc/${PF}|g" \
- "${S}"/setup.py \
- || die
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- distutils_install_for_testing
-
- "${EPYTHON}" tests/dnsviz_probe_run_offline.py -v || die
- "${EPYTHON}" tests/dnsviz_print_options.py -v || die
- "${EPYTHON}" tests/dnsviz_print_run.py -v || die
- "${EPYTHON}" tests/dnsviz_graph_options.py -v || die
- "${EPYTHON}" tests/dnsviz_graph_run.py -v || die
- "${EPYTHON}" tests/dnsviz_grok_options.py -v || die
- "${EPYTHON}" tests/dnsviz_grok_run.py -v || die
-}
-
-pkg_postinst() {
- optfeature "Support for pre-deployment testing" net-dns/bind
- optfeature "Support for DNSSEC signatures using GOST algorithm or digest" dev-libs/ghost-engine
-}
diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
deleted file mode 100644
index 1d4d88e97e6d..000000000000
--- a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
-From: Pascal Ernster <git@hardfalcon.net>
-Date: Mon, 22 Jul 2019 04:25:18 +0200
-Subject: [PATCH] Replace libnacl with python-cryptography, add support for
- algo 16 (Ed448)
-
-Origin: https://github.com/dnsviz/dnsviz/pull/54
-
----
- Dockerfile | 2 +-
- README.md | 8 ++++----
- contrib/dnsviz-py2.spec | 2 +-
- contrib/dnsviz-py3.spec | 2 +-
- dnsviz/crypto.py | 30 +++++++++++++++++++++++++-----
- requirements.txt | 2 +-
- setup.py | 2 +-
- 7 files changed, 34 insertions(+), 14 deletions(-)
-
-diff --git a/Dockerfile b/Dockerfile
-index dc6a0d9e..61a319de 100644
---- a/Dockerfile
-+++ b/Dockerfile
-@@ -2,7 +2,7 @@ FROM alpine:edge
-
- RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
- RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
-- pip3 install pygraphviz m2crypto dnspython libnacl && \
-+ pip3 install pygraphviz m2crypto dnspython cryptography && \
- apk del builddeps
-
- COPY . /tmp/dnsviz
-diff --git a/README.md b/README.md
-index e9dcda83..03d9c3dd 100644
---- a/README.md
-+++ b/README.md
-@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
-
- * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
-
--* libnacl - https://github.com/saltstack/libnacl
-+* Cryptography (2.6 or later) - https://cryptography.io/
-
- Note that the software versions listed above are known to work with the current
- version of DNSViz. Other versions might also work well together, but might
-@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
- ```
- (Note that this installs the dependencies that are python packages, but some of
- these packages have non-python dependecies, such as Graphviz (required for
--pygraphviz) and libsodium (required for libnacl), that are not installed
-+pygraphviz) and OpenSSL (required for Cryptography), that are not installed
- automatically.)
-
- Next download and install DNSViz from the Python Package Index (PyPI):
-@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
- $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
- ```
-
--Install dnspython, pygraphviz, M2Crypto, and libnacl.
-+Install dnspython, pygraphviz, M2Crypto, and Cryptography.
- ```
--$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
-+$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
- ```
- For python2:
- ```
-diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
-index 0bea597b..65033c95 100644
---- a/contrib/dnsviz-py2.spec
-+++ b/contrib/dnsviz-py2.spec
-@@ -15,7 +15,7 @@ BuildRequires: make
- Requires: python2-pygraphviz >= 1.3
- Requires: m2crypto >= 0.28.0
- Requires: python2-dns >= 1.13
--Requires: python2-libnacl
-+Requires: python2-cryptography
-
- %description
- DNSViz is a tool suite for analysis and visualization of Domain Name System
-diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
-index ef25f4b5..975f3e10 100644
---- a/contrib/dnsviz-py3.spec
-+++ b/contrib/dnsviz-py3.spec
-@@ -15,7 +15,7 @@ BuildRequires: make
- Requires: python3-pygraphviz >= 1.3
- Requires: python3-m2crypto >= 0.28.0
- Requires: python3-dns >= 1.13
--Requires: python3-libnacl
-+Requires: python3-cryptography
-
- %description
- DNSViz is a tool suite for analysis and visualization of Domain Name System
-diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
-index b011cbf3..283eac4d 100644
---- a/dnsviz/crypto.py
-+++ b/dnsviz/crypto.py
-@@ -55,7 +55,7 @@
- 'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
- 'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
- 'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
-- 'libnacl': (set([15]), set(), set()),
-+ 'cryptography': (set([15,16]), set(), set()),
- }
- _logged_modules = set()
-
-@@ -72,12 +72,19 @@
- _supported_digest_algs.update(set([1,2,4]))
-
- try:
-- from libnacl.sign import Verifier as ed25519Verifier
-+ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
- except ImportError:
- pass
- else:
- _supported_algs.add(15)
-
-+try:
-+ from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
-+except ImportError:
-+ pass
-+else:
-+ _supported_algs.add(16)
-+
- GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
- GOST_ENGINE_NAME = b'gost'
- GOST_DIGEST_NAME = b'GOST R 34.11-94'
-@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
-
- def _validate_rrsig_ed25519(alg, sig, msg, key):
- try:
-- verifier = ed25519Verifier(binascii.hexlify(key))
-- return verifier.verify(sig + msg) == msg
-- except ValueError:
-+ verifier = Ed25519PublicKey.from_public_bytes(key)
-+ verifier.verify(sig, msg)
-+ except:
- return False
-+ else:
-+ return True
-+
-+def _validate_rrsig_ed448(alg, sig, msg, key):
-+ try:
-+ verifier = Ed448PublicKey.from_public_bytes(key)
-+ verifier.verify(sig, msg)
-+ except:
-+ return False
-+ else:
-+ return True
-
- def validate_rrsig(alg, sig, msg, key):
- if not alg_is_supported(alg):
-@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
- return _validate_rrsig_ec(alg, sig, msg, key)
- elif alg in (15,):
- return _validate_rrsig_ed25519(alg, sig, msg, key)
-+ elif alg in (16,):
-+ return _validate_rrsig_ed448(alg, sig, msg, key)
-
- def get_digest_for_nsec3(val, salt, alg, iterations):
- if not nsec3_alg_is_supported(alg):
-diff --git a/requirements.txt b/requirements.txt
-index d6b2de5e..af2be235 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -1,4 +1,4 @@
- dnspython
- pygraphviz
- m2crypto
--libnacl
-+cryptography
-diff --git a/setup.py b/setup.py
-index ba1016e3..b531c025 100644
---- a/setup.py
-+++ b/setup.py
-@@ -135,7 +135,7 @@ def run(self):
- 'pygraphviz (>=1.1)',
- 'm2crypto (>=0.24.0)',
- 'dnspython (>=1.11)',
-- 'libnacl',
-+ 'cryptography (>=2.6)',
- ],
- classifiers=[
- 'Development Status :: 5 - Production/Stable',
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-07-02 15:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-02 15:14 [gentoo-commits] repo/gentoo:master commit in: net-dns/dnsviz/, net-dns/dnsviz/files/ David Seifert
-- strict thread matches above, loose matches on Subject: below --
2020-08-22 13:41 Thomas Deutschmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox